habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c7963e4af760589cf3beef173f57fb9341fed9d6
authentik/website/integrations/services/freshrss/index.mdx
Dewi Roberts 6d4c9a3446 website/integrations: fix typos, update language and styling (#14978) 
* Typo and improved language

* Changes "admin" to "administrator" and updates indentation

* Updates miniflux to newer styling

* Combines two notes at beginning of jellyfin doc into one

* Replaces all "your application slug" with "application_slug" and replaces tags that are no longer in use

* Replaces tags that are no longer in use

* Updates immich indentation, application_slug and removes tags

* Updated bookstack indentation, tags and application slug

* Removes kbd and em tags, and updates the application slug

* Gix metadata header in bookstack doc

* Lint fix miniflux

* ArgoCD indentation

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
2025-06-10 12:48:49 +01:00

74 lines
3.9 KiB
Plaintext
Raw Blame History

---
title: Integrate with FreshRSS
sidebar_label: FreshRSS
support_level: community
---
## What is FreshRSS
> FreshRSS is a self-hosted RSS feed aggregator.
>
> -- https://github.com/FreshRSS/FreshRSS
## Preparation
The following placeholders are used in this guide:
- `freshrss.company` is the FQDN of the FreshRSS installation.
- `authentik.company` is the FQDN of the authentik installation.
:::note
This documentation only lists the settings that have been changed from their default values. Please verify your changes carefully to avoid any issues accessing your application.
:::
## authentik configuration
To support the integration of FreshRss with authentik, you need to create an application/provider pair in authentik.
### Create an application and provider in authentik
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
- Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later.
- Add two `Strict` redirect URI and set them to `https://freshrss.company/i/oidc/` and `https://freshrss.company:443/i/oidc/`. If FreshRSS is exposed on a port other than `443`, update the second redirect URI accordingly.
- Select any available signing key.
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
3. Click **Submit** to save the new application and provider.
## FreshRSS configuration
:::info
This integration is compatible only with Docker or Kubernetes installations of FreshRSS that use the [FreshRSS Docker image](https://hub.docker.com/r/freshrss/freshrss/) on x86_64 systems. Note that the Alpine version of the image is not supported. For more details, see [this issue on the FreshRSS GitHub repository](https://github.com/FreshRSS/FreshRSS/issues/5722).
:::
:::warning
Before restarting your Docker container, ensure that at least one Admin user in your FreshRSS instance has a username that matches an authentik user.
:::
To enable OIDC login with FreshRSS, update your `.env` file to include the following variables:
```yaml showLineNumbers
OIDC_ENABLED=1
OIDC_PROVIDER_METADATA_URL=https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration
OIDC_CLIENT_ID=<Your Client ID from authentik<>
OIDC_CLIENT_SECRET=<Your Client Secret from authentik>
OIDC_X_FORWARDED_HEADERS=X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host
OIDC_SCOPES=openid email profile
```
Once your container or pod is restarted, attempt to login as a user that exists in both FreshRSS and authentik. Go to **Settings** -> **Authentication** and set the authentication method to **HTTP**.
## Configuration verification
To verify that authentik is correctly set up with FreshRSS, log out of FreshRSS and try logging back in using authentik. You should see a new button on the login page for OIDC authentication.
## Resources
- [FreshRSS documentation for OpenID Connect](https://freshrss.github.io/FreshRSS/en/admins/16_OpenID-Connect.html).
- [FreshRSS documentation for OIDC with authentik](https://freshrss.github.io/FreshRSS/en/admins/16_OpenID-Connect-Authentik.html)
Reference in New Issue View Git Blame Copy Permalink